DCU, the Digital Federal Credit Union is reacting to the Hannaford data breach in an unbelievably stellar way. They are replacing all debit cards and giving new numbers to those affected by the breach. I got a new card in the mail today and couldn’t figure out why but found this explanation at dcu.org So in case you are scratcing your head as well.
We have learned from Visa and published news reports that criminals hacked into the computers of the Hannaford supermarket chain and stole credit and debit card numbers and expiration dates. The card information from a significant number of DCU members who shop at Hannaford is among them. Hannaford reports that no personal information, such as names or addresses, was accessed and that they do not know or keep such information from card transactions.
If you used a DCU Visa Credit Card or DCU Check Card at Hannaford during the period of the breach, we are sending you new cards with new card numbers as soon as possible. As always at DCU, you are never liable for any card transactions you did not authorize.
What should you do if you shopped at Hannaford?
We recommend you do the following:1. Monitor your accounts on PC Branch until after your new card arrives – If you used your DCU Visa Credit Card or Check Card at Hannaford, check your recent credit card and/or checking account activity for unauthorized transactions. Report them to us as soon as possible for immediate credit. You can report them online through PC Branch under “Forms/Services”.
2. Watch your mailbox for your replacement card(s) – Activate them as soon as you receive them following the instructions on the activation sticker. Your PIN will not change.
3. If you had set up automatic charges on your card… Such as a newspaper subscription, Internet service provider, or long-distance company, please remember to contact the billing department of each vendor and give them your new card number and expiration date.
Sending out debit cards automatically. I like the bank — a local outfit, member of SUM, and unlike DCU they don’t have a concrete bunker / arena attached to their good name.
We shop at Hannaford’s regularly in Maine (I am a devotee of their pimento dip) and we just got new cards too.
<
p>Interesting thing about this breach – it wasn’t because Hannaford was retaining data. The phone lines were hacked while credit authorizations went through. This could happen ANYWHERE – gas station, Dunkin Donuts, etc. It was suggested that requiring a PIN would eliminate 80% +/- of the risk, so look to have that requirement added soon.
The PIN would have to go through the phone line too in an authorization, and what would protect it from being stolen along with the credit card number and expiration date?
<
p>The hackers would get more information this way, and I don’t see how the PIN would make anything safer for the consumer given this kind of hack.
That applies for the bank’s computers as well, if they separate the 2 messages in time then they’d need to join them with some kind of transaction ID which aside from being a major pain to go from 1-part to multi-part messages would defeat the whole purpose of making it impossible to snoop.
<
p>They could use the PIN as an encryption key, and just send the ciphertext over.. the bank could just keep a file of the encrypted version of the card # alongside the card # and PIN which they already have…
<
p>But seems like a lot of work, requires changing the firmware on all of those card swiper machines and could still be crackable if people just logged the encrypted card #s and fed those into the system. Much more likely to get caught doing that but they could still create trouble.
<
p>Why not just add an SSL handshake? Not even the NSA (as far as we know) can break RSA encryption, if they can then they can’t do very many in a month. It’s already going over a digital stream, and the technology’s already proven. Plus, no PIN needed still aside from verifying the cardholder’s identity at the counter.
is an underpunished crime.
Remember to change any automatic charge to your credit card, like a monthly or quarterly one, once you activate your new card. I know I’ve seen mention here and at other political websites of people having monthly charges set up for donations to political campaigns, DNC Democracy Bonds, etc.
<
p>You’ll need to give each organization/company charging against your card your new number and expiration date.
<
p>I’m also with DCU, and my new card’s expiration date was pushed out two years.
<
p>Of course, now I have a new credit card number to memorize. Ugh.
I got a call today telling me a new card was on its way. I had used mine at Hannaford’s, but so far nothing fishy has shown up in my statements.
LOL. Where have I been?
I SWEAR, it is the same cheddar and pimento dip my late mother-in-law used to make in Oklahoma!
and rebranded the chain shortly thereafter. I think the purchase was announced in late summer 2004, closed around the end of the year, and the rebranding happened in 2005 or 2006 after some refurbishing of the stores.
<
p>This gave Hannaford a presence in Massachusetts and New Hampshire.
They started a new concept food wharehouse called Sun Foods. What was interesting about Sun Foods is they tried to incentivize putting your shopping cart in the corral by charging you a quarter to get a shopping card that you got back when you put the cart back. This failed miserably.
<
p>Shortly thereafter they bought a local chain called Alexanders market in Lowell. Alexanders was one of the two “Greek” supermarket chains with roots in Lowell. The other being the Demoulas-Market Basket juggernaut of Maria Lopez fame. They changed the name of that change to Alexanders Shop n’ Save then just to Shop n’ Save. The Hannafords name took in the late 1990s early 2000s.
<
p>So Hannafords has been in the Massachusetts market for 20 years.